How to use attachment filtering on Edge Transport servers in Exchange Server

In Exchange Server, you can use attachment filtering on Edge Transport servers to control the attachments that users receive in email messages. Attachment filtering is performed by the Attachment Filtering agent, which is available only on Edge Transport servers, and is basically unchanged from Exchange Server 2010.

To configure the attachment filtering options, see Attachment filtering procedures on Edge Transport servers.

Types of attachment filtering

You can use the following types of attachment filtering to control attachments that enter or leave your organization through an Edge Transport server:

• Filtering based on file name or file name extension: You specify the exact file name or file name extension that you want to filter. For example, BadFileName.exe or *.exe.

• Filtering based on file MIME content type: You specify the MIME content type value that you want to filter. The MIME content type value indicates what the attachment is: for example, a JPEG image, an executable file, or a Microsoft Excel file. Content types are expressed as <type>/ <subtype>. For example, a JPEG image file is expressed as image/jpeg.

  To view a complete list of file name extensions and content types that attachment filtering can detect, run the following command in the Exchange Management Shell on the Edge Transport server:

  Get-AttachmentFilterEntry | Format-Table -Auto Type,Name
  

After you define the files to look for, you can configure the action to take on messages that contain these attachments. You can't specify different actions for different types of attachments. You configure one of the following actions for all the messages that match any of the attachment filters:

• Reject (block) the message: he message is blocked. The sender receives a non-delivery report (also known as an NDR, delivery status notification, DSN, or bounce message) that explains that the message wasn't delivered because it contained an unacceptable attachment. You can customize the text in the NDR. The default text is: Message rejected due to unacceptable attachments.

• Strip the attachment but allow the message through: The attachment is removed from the message. However, the message itself and any other attachments that don't match the filter are allowed through. If an attachment is stripped, it's replaced with a text file that explains why the attachment was removed. This is the default action.

• Silently delete the message: The message is deleted. Neither the sender nor the recipient receives notification.

Notes:

• You can't retrieve messages that have been blocked or attachments that have been stripped. When you configure attachment filters, carefully examine all possible file name matches and verify that legitimate attachments won't be affected by the filter.

• If you remove attachments from digitally signed, encrypted, or rights-protected messages, you invalidate the digital signature, which makes encrypted and rights-protected messages unreadable. A way to avoid this problem for outbound messages is to sign or encrypt the messages after they've been processed by the Attachment Filtering agent.

For more information, see Attachment filtering procedures on Edge Transport servers.

Default attachments in attachment filtering

The default attachments that are defined in attachment filtering are described in the following table.